On the finish of September, we had been the sufferer of a social engineering assault concentrating on considered one of our staff. This extremely refined assault started on the Discord platform with the downloading of malware underneath cowl of a sport on the Steam platform, proposed by an acquaintance of our worker, himself a sufferer of the identical assault.
Our safety workforce took fast motion. Regardless of our actions, the attacker was in a position to exploit one of many stolen cookies to hook up with the administration interface of considered one of our SaaS suppliers. Because of this cookie, now deactivated, the attacker was in a position to extract, through our SaaS supplier’s API, sure non-public details about you.